
added rate limiting to identity

This commit is contained in:
Kyle Spearrin 2017-09-28 15:01:43 -04:00
parent 1cc6fb1668
commit 0fff886357
5 changed files with 59 additions and 2 deletions


@ -18,7 +18,6 @@
<PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.1.2" /> <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.1.2" />
<PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" /> <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="1.1.2" /> <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="1.1.2" />
<PackageReference Include="AspNetCoreRateLimit" Version="1.0.5" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="1.2.1" /> <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="1.2.1" />
<PackageReference Include="System.Net.Http" Version="4.3.2" /> <PackageReference Include="System.Net.Http" Version="4.3.2" />
</ItemGroup> </ItemGroup>


@ -49,6 +49,7 @@
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<PackageReference Include="AspNetCoreRateLimit" Version="1.0.5" />
<PackageReference Include="Braintree" Version="3.8.0" /> <PackageReference Include="Braintree" Version="3.8.0" />
<PackageReference Include="CommonMark.NET" Version="0.15.1" /> <PackageReference Include="CommonMark.NET" Version="0.15.1" />
<PackageReference Include="Dapper" Version="1.50.4-alpha1-00070" /> <PackageReference Include="Dapper" Version="1.50.4-alpha1-00070" />


@ -8,7 +8,7 @@ using Microsoft.Extensions.Options;
using Newtonsoft.Json; using Newtonsoft.Json;
using System.Threading.Tasks; using System.Threading.Tasks;
namespace Bit.Api.Middleware namespace Bit.Core.Utilities
{ {
public class CustomIpRateLimitMiddleware : IpRateLimitMiddleware public class CustomIpRateLimitMiddleware : IpRateLimitMiddleware
{ {


@ -7,6 +7,7 @@ using Microsoft.Extensions.Configuration;
using Bit.Core; using Bit.Core;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using Serilog.Events; using Serilog.Events;
using AspNetCoreRateLimit;
namespace Bit.Identity namespace Bit.Identity
{ {
@ -30,6 +31,11 @@ namespace Bit.Identity
// Settings // Settings
var globalSettings = services.AddGlobalSettingsServices(Configuration); var globalSettings = services.AddGlobalSettingsServices(Configuration);
if(!globalSettings.SelfHosted)
{
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
}
// Data Protection // Data Protection
services.AddCustomDataProtectionServices(Environment, globalSettings); services.AddCustomDataProtectionServices(Environment, globalSettings);
@ -40,6 +46,16 @@ namespace Bit.Identity
// Context // Context
services.AddScoped<CurrentContext>(); services.AddScoped<CurrentContext>();
// Caching
services.AddMemoryCache();
if(!globalSettings.SelfHosted)
{
// Rate limiting
services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
}
// IdentityServer // IdentityServer
services.AddCustomIdentityServerServices(Environment, globalSettings); services.AddCustomIdentityServerServices(Environment, globalSettings);
@ -67,6 +83,11 @@ namespace Bit.Identity
return e.Level > LogEventLevel.Error; return e.Level > LogEventLevel.Error;
} }
if(context.Contains(typeof(IpRateLimitMiddleware).FullName) && e.Level == LogEventLevel.Information)
{
return true;
}
return e.Level >= LogEventLevel.Error; return e.Level >= LogEventLevel.Error;
}) })
.AddConsole() .AddConsole()
@ -75,6 +96,12 @@ namespace Bit.Identity
// Default Middleware // Default Middleware
app.UseDefaultMiddleware(env); app.UseDefaultMiddleware(env);
if(!globalSettings.SelfHosted)
{
// Rate limiting
app.UseMiddleware<CustomIpRateLimitMiddleware>();
}
// Add IdentityServer to the request pipeline. // Add IdentityServer to the request pipeline.
app.UseIdentityServer(); app.UseIdentityServer();
} }
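Review bot: The counter store registered at `services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>()` is process-local, so if more than one Identity instance sits behind the same proxy each one enforces the configured limits independently and the effective per-IP limit grows with the instance count; that follows from the store type rather than anything visible in the hunk, so it deserves a comment beside the registration, `// Counters live in this process's memory cache; limits are per instance, not per deployment`. The logging filter's `context.Contains(typeof(IpRateLimitMiddleware).FullName)` keys on the base class while the pipeline registers CustomIpRateLimitMiddleware, which only passes the library's throttling events through if the library logs under the base type's category — worth confirming, since those Information-level events are the only record of a throttled client. Both ConfigureServices and Configure begin outside the hunks, and `context` is defined outside the third hunk.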


@ -47,5 +47,35 @@
"publicKey": "SECRET", "publicKey": "SECRET",
"privateKey": "SECRET" "privateKey": "SECRET"
} }
},
"IpRateLimitOptions": {
"EnableEndpointRateLimiting": true,
"StackBlockedRequests": false,
"RealIpHeader": "CF-Connecting-IP",
"ClientIdHeader": "X-ClientId",
"HttpStatusCode": 429,
"IpWhitelist": [],
"EndpointWhitelist": [],
"ClientWhitelist": [],
"GeneralRules": [
{
"Endpoint": "*",
"Period": "1m",
"Limit": 60
},
{
"Endpoint": "*",
"Period": "1s",
"Limit": 5
},
{
"Endpoint": "post:/connect/token",
"Period": "1m",
"Limit": 10
}
]
},
"IpRateLimitPolicies": {
"IpRules": []
} }
} }
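Review bot: `"RealIpHeader": "CF-Connecting-IP"` makes the limiter identify clients by a request header, so the per-IP counters are only meaningful if every request reaching Identity has passed through the proxy that sets that header; a request arriving by any other path is counted under whatever address the header carries rather than its own. JSON has no place for a comment, so the assumption belongs beside the `services.Configure<IpRateLimitOptions>(...)` call in Startup, e.g. `// IpRateLimitOptions.RealIpHeader is trusted as-is; only valid when ingress is restricted to the proxy that sets it`. The `ClientIdHeader`/`ClientWhitelist` pair is inert while the whitelist stays empty, but any future entry there is likewise honoured from a client-supplied header and should be documented with the same caveat.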